You don't have to use the Wayback machine to go retro -- just go to work for Google. According to Microsoft, they still use IE 6, a dinosaur of a browser, release in 2001. (Source: Wikimedia Commons)

Stale software products are endangering users, says Microsoft

It's been over eight years since
Internet Explorer 6 was released (August 2001) and over three years
since Internet Explorer 7 was released (October 2006). However, many
IT departments cling to the stale browsers, rather than upgrading
to Internet Explorer 8, which was released
last March. Justifications for not upgrading are diverse
and include potential compatibility issues with applications, the
cost in manpower hours to switch to the new browser, and the
potential expense of buying new tools to manage the newer
browser.

Microsoft's General Manager of Trustworthy Computing
Security, George Stathakopoulos, has released a new statement which
warns information technology departments to change their ways when it
comes to the slow pace of browser upgrades, or risk losing valuable
company information. The statement follows on the heels of a
successful
attack on Google, Adobe, and others, which exploited a memory
flaw in Internet Explorer 6 (and potentially IE7) to gain system
access.

Writes Microsoft, "That said, we remain vigilant
about this threat evolving and want to be sure our customers take
appropriate action to protect themselves. That is why we continue to
recommend that customers using IE6 or IE7, upgrade
to IE8 as soon as possible to benefit from the improved security
protections it offers. Customers who are using Windows XP SP2 should
be sure to upgrade to both IE8 and enable Data Execution Protection
(DEP), or upgrade to
Windows XP SP3 which enables DEP by default, as soon as possible.
Additionally customers should consider implementing the workarounds
and mitigations provided in the Security Advisory."

Microsoft's
statement touches on the fact that IT departments also frequently are
slow in adopting new operating systems or service packs for similar
reasons as the browser reticence -- compatibility, cost, etc.

More
interestingly, Microsoft's statements indicate that attack victims
Google and Adobe (as well as other undisclosed victims) are using the
very outdated Internet Explorer 6. Writes Microsoft, "In
terms of the threat landscape, we are only seeing very limited number
of targeted attacks against a small subset of corporations. The
attacks that we have seen to date, including public proof-of-concept
exploit code, are only effective against Internet Explorer 6. Based
on a rigorous analysis of multiple sources, we are not aware of any
successful attacks against IE7 and IE8 at this time."

That's
somewhat surprising to discover that a cutting edge internet firm
like Google still relies heavily on such a stale browser.
Microsoft says that it still does not have a solution to fix the
memory flaw in IE6 and IE7. However, it says that consumers can
take comfort in that it is only aware of attacks on commercial users
to date.

The company concludes, "In summary, we are not
seeing any widespread attacks by any means, and thus far we are not
seeing attacks focused on consumers."

"Well, there may be a reason why they call them 'Mac' trucks! Windows machines will not be trucks." -- Microsoft CEO Steve Ballmer